As network electronic data techniques have developed, there has been an accompanying shift away from paper as information transmission media to the electronic data themselves. Generally, when paper is the medium used, the signing or the affixing of a seal is performed as a personal confirmation of the contents (information) recorded on the paper. However, since electronic data are easily copied and during the communication process there are many opportunities for the alteration of data, an indispensable need exists for a digital signature technique that affords high security.
Public key cryptography (also called asymmetric cryptography) and secret key cryptography (also called symmetric cryptography) are well known data cryptography methods. According to secret key cryptography, a sender and a recipient who engage in secure communication each hold a shared key. When communicating with the recipient, the sender uses the shared key to encrypt information, and upon receiving the encrypted information, the recipient uses the shared key to decrypt it. As an assumption when this method is employed, the shared key is a secret that is jointly shared by the sender and the recipient, and if the secret, the shared key, is compromised, encrypted communications for which the shared key is used will not be secure.
On the other hand, according to the public key cryptography, a pair of keys, a public key and a private key, are employed, and information encrypted using one key can not substantially be decrypted unless the other key is used. A user encrypts information using the public key of another user that has been obtained in advance, and transmits the encrypted information to the subject user. Thereafter, the recipient decrypts the received information using his or her private key. The advantage of this method is that communication security can be maintained even when the public key has been disclosed to third parties, and no secret key information need be shared as a communication prerequisite. A digital signature can also be affixed using this public key cryptography. That is, a sender, using a private key that only he or she has knowledge of, can encrypt a document, and a recipient can obtain a public key corresponding to the private key and use it to decrypt the document. As a result, the contents of the signed document can be confirmed. In this case, satisfactory grounds must be established to confirm that the disclosed public key belongs to the signing person. For this confirmation, a certification service provided by a certification authority (CA) can be employed. For the user, it is important that he or she be able to protect his or her private key. If the private key should be exposed, a third party could employ the private key to impersonate the actual owner of the key. Therefore, for the security of a digital signature (both for communication cryptography and key distribution) it is imperative that absolute protection be afforded a private key.
For recent electronic commerce (e-business), XML documents have been employed as the form used for the exchange of data. Since an XML document is a self-descriptive structure, more complicated data can be handled effectively. Therefore, it is highly possible that XML will be employed as a standard not only for B2B (business to business) documents, but also B2C (business to consumer) documents.
Because of this background, digital signature specifications for XML, XMLDSIG, are being established for the WWW Consortium, W3C. The XML digital signature technique is expected to be used as a trump card for the prevention of data alteration and the acquisition of evidence to support a transaction.
Problems to be Solved by the Invention
As is described above, the protection of a private key is important in order to prove the identity of an authenticated user, or to prevent a third party from impersonating the authenticated user. Thus, it is not secure for a private key to be stored and managed on the hard disk of a personal computer; it is advantageous that the private key be stored on a security token, such as a smart card, that a user can remove and carry.
However, since a smart card does not have a display function, the user must employ a personal computer having a card reader to confirm, on its screen, the contents of a document to be signed. When, for example, a user purchases a product at a shop and signs a transaction document for electronic payment, the user confirms the contents of the document on the screen of a local personal computer or the POS terminal at the shop. At this time, a question exists relative to the validity of the contents of the displayed document. In this case, if the contents of the document transmitted by a transaction organization to the terminal were altered before transmission, this alteration would not be apparent to the user, who would sign a document including terms differing from those previously agreed upon. To remove this uncertainty, it is advantageous that the user employ a fully secure terminal, e.g., his or her own PDA or i-mode portable telephone, to confirm a document to be signed.
However, the following problem has arisen relative to the mounting of a digital signature function on a terminal. This is an outstanding problem, especially when a portable terminal is used to perform the XML digital signature function, which in the future will be further developed. Since a portable terminal has only a small display screen, it is difficult to display complete sentences contained in a document that is to be signed. Especially for an XML document, the display screen of a portable terminal is insufficiently large to display additional tag information and other information based on DSIG specifications.
Further, the calculation resources available to a portable terminal are generally limited, and this, imposes an exceedingly large load on the portable terminal when calculations required for an electric signature are to be performed. Since especially for an XML digital signature an XML or an XPath processor is required, if such a processor is mounted on a portable terminal having only limited calculation resources, costs will be increased.